{"id":8401,"date":"2026-03-02T14:24:23","date_gmt":"2026-03-02T14:24:23","guid":{"rendered":"https:\/\/www.europesays.com\/sk\/8401\/"},"modified":"2026-03-02T14:24:23","modified_gmt":"2026-03-02T14:24:23","slug":"takto-funguje-smishing-z-pohladu-hackerov-ktori-sa-ti-snazia-vybielit-ucet-od-nakupu-databaz-po-zachytenie-sms-2fa-kodu-vosveteit-sk","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/sk\/8401\/","title":{"rendered":"Takto funguje smishing z poh\u013eadu hackerov, ktor\u00ed sa ti sna\u017eia vybieli\u0165 \u00fa\u010det. Od n\u00e1kupu datab\u00e1z po zachytenie SMS 2FA k\u00f3du | Vosveteit.sk"},"content":{"rendered":"

Smishing, alebo SMS phishing, je podvod, ktor\u00fd \u00fato\u010dn\u00edci pou\u017e\u00edvaj\u00fa na oklamanie \u013eud\u00ed, aby prezradili citliv\u00e9 \u00fadaje alebo nain\u0161talovali \u0161kodliv\u00fd softv\u00e9r do telef\u00f3nu. Ka\u017ed\u00fd de\u0148 sa pod\u013ea odhadov rozosiela 300\u2013400 tis\u00edc tak\u00fdchto spr\u00e1v, ktor\u00e9 predstieraj\u00fa, \u017ee poch\u00e1dzaj\u00fa od b\u00e1nk<\/a>, doru\u010dovac\u00edch slu\u017eieb \u010di \u0161t\u00e1tnych in\u0161tit\u00faci\u00ed.<\/p>\n

Nejde ale o \u017eiadne n\u00e1hodn\u00e9 rozosielanie spr\u00e1v. Smishing dnes funguje ako systematick\u00fd proces, ktor\u00fd za\u010d\u00edna n\u00e1kupom d\u00e1t, pokra\u010duje v\u00fdberom infra\u0161trukt\u00fary, personaliz\u00e1ciou \u00fatoku a kon\u010d\u00ed re\u00e1lnym zneu\u017eit\u00edm pr\u00edstupu. Pozrime sa na to, ako cel\u00fd tento mechanizmus prebieha z poh\u013eadu \u00fato\u010dn\u00edka, vysvet\u013euj\u00fa experti na bezpe\u010dnos\u0165 z iverify.io<\/a>.<\/p>\n

<\/p>\n

<\/p>\n

Odoberaj Vosveteit.sk cez Telegram a prihl\u00e1s sa k odberu spr\u00e1v
\n <\/a><\/p>\n

Z\u00edskanie cie\u013eov: mas\u00edvne datab\u00e1zy telef\u00f3nnych \u010d\u00edsel<\/p>\n

\u00dato\u010dn\u00edci najprv potrebuj\u00fa ciele, teda obrovsk\u00e9 zoznamy telef\u00f3nnych \u010d\u00edsel. Z\u00edskavaj\u00fa ich r\u00f4zne<\/a>. Raz kupuj\u00fa od d\u00e1tov\u00fdch brokerov, inokedy siahaj\u00fa po ukradnut\u00fdch datab\u00e1zach z \u00fanikov alebo vyu\u017e\u00edvaj\u00fa zle zabezpe\u010den\u00e9 cloudov\u00e9 \u00falo\u017eisk\u00e1. Takto si dok\u00e1\u017eu pripravi\u0165 stovky tis\u00edc a\u017e mili\u00f3ny \u010d\u00edsiel, na ktor\u00e9 bud\u00fa rozosiela\u0165 podvodn\u00e9 spr\u00e1vy.<\/p>\n

D\u00e1tov\u00ed brokeri zhroma\u017e\u010fuj\u00fa kontakty z verejn\u00fdch registrov, marketingov\u00fdch kampan\u00ed, mobiln\u00fdch aplik\u00e1ci\u00ed \u010di e-shopov. D\u00e1ta b\u00fdvaj\u00fa trieden\u00e9 pod\u013ea regi\u00f3nu alebo z\u00e1ujmov, tak\u017ee \u00fato\u010dn\u00edk si m\u00f4\u017ee objedna\u0165 zoznam \u013eud\u00ed z konkr\u00e9tnej oblasti alebo demografickej skupiny. \u010eal\u0161\u00edm zdrojom s\u00fa \u00faniky datab\u00e1z. Ak d\u00f4jde k naru\u0161eniu bezpe\u010dnosti ve\u013ekej slu\u017eby, telef\u00f3nne \u010d\u00edsla sa ve\u013emi r\u00fdchlo objavia na darknete a stan\u00fa sa s\u00fa\u010das\u0165ou \u010fal\u0161\u00edch podvodn\u00fdch kampan\u00ed. \u010cast\u00fdm probl\u00e9mom s\u00fa aj zle nastaven\u00e9 cloudov\u00e9 datab\u00e1zy, ktor\u00e9 zostan\u00fa verejne pr\u00edstupn\u00e9. \u00dato\u010dn\u00edk ich jednoducho n\u00e1jde a stiahne si kompletn\u00fd zoznam kontaktov.<\/p>\n

\"Ako\"AkoZdroj: iVerify<\/a><\/p>\n

\u201eKyberzlo\u010dinci m\u00f4\u017eu pomocou lacn\u00fdch slu\u017eieb SMS br\u00e1n rozosiela\u0165 desa\u0165tis\u00edce phishingov\u00fdch SMS spr\u00e1v za cenu len 0,005 $ za spr\u00e1vu,\u201c hovor\u00ed Daniel Kelley, bezpe\u010dnostn\u00fd analytik.<\/p>\n

Recon f\u00e1za: personalizovan\u00e9 \u00fatoky na firmy<\/p>\n

Pri \u00fatokoch na firmy nejde o n\u00e1hodu. \u00dato\u010dn\u00edci si robia prieskum. Z verejn\u00fdch zdrojov, LinkedInu alebo uniknut\u00fdch datab\u00e1z si vytvoria zoznam zamestnancov, zmapuj\u00fa oddelenia a zistia, ak\u00e9 n\u00e1stroje firma pou\u017e\u00edva. N\u00e1sledne pripravuj\u00fa personalizovan\u00e9 spr\u00e1vy, ktor\u00e9 vyzeraj\u00fa ako upozornenia z konkr\u00e9tnych syst\u00e9mov, ktor\u00e9 dan\u00e9 oddelenie be\u017ene pou\u017e\u00edva. Tak\u00e9to cielen\u00e9 kampane maj\u00fa v\u00fdrazne vy\u0161\u0161iu \u00faspe\u0161nos\u0165 ne\u017e generick\u00e9 spr\u00e1vy o \u201ezablokovanom \u00fa\u010dte\u201c.<\/p>\n

Neprehliadni
\n <\/p>\n

\"Tvoje\"Tvoje <\/p>\n

\n\t\t\t\t\tPopul\u00e1rna spravodajsk\u00e1 aplik\u00e1cia pre iOS a Android dostala ve\u013ek\u00fa aktualiz\u00e1ciu. Pribudlo mno\u017estvo nov\u00fdch funkci\u00ed, ktor\u00e9 mus\u00ed\u0161 vysk\u00fa\u0161a\u0165 <\/p>\n

<\/a><\/p>\n

Infra\u0161trukt\u00fara: SMS br\u00e1ny, VoIP a spoofing<\/p>\n

Ke\u010f maj\u00fa \u010d\u00edsla, potrebuj\u00fa infra\u0161trukt\u00faru. \u010casto vyu\u017e\u00edvaj\u00fa<\/a> komer\u010dn\u00e9 SMS br\u00e1ny, VoIP poskytovate\u013eov alebo dokonca SIM farmy, aby spr\u00e1vy pre\u0161li cez legit\u00edmne siete a aby sa \u00fato\u010dn\u00edci nestretli s r\u00fdchlou blok\u00e1ciou. Spr\u00e1vy potom obsahuj\u00fa l\u00e1kav\u00e9 alebo alarmuj\u00face texty, napr\u00edklad blokovan\u00fd \u00fa\u010det, me\u0161kanie bal\u00edka alebo v\u00fdhru v s\u00fa\u0165a\u017ei, \u010dasto s odkazom na phishingov\u00fa str\u00e1nku alebo automatick\u00fd hovor.<\/p>\n

\u00dato\u010dn\u00edci vyu\u017e\u00edvaj\u00fa aj spoofing<\/a>, tak\u017ee SMS m\u00f4\u017ee vyzera\u0165, \u017ee pri\u0161la priamo od banky alebo miestnej slu\u017eby. V niektor\u00fdch pr\u00edpadoch sa dokonca zobraz\u00ed v rovnakom vl\u00e1kne<\/a> ako legit\u00edmne spr\u00e1vy od danej in\u0161tit\u00facie.<\/p>\n

\"falosna\"falosnaZdroj: \u010cSOB<\/p>\n

Smishing sa u\u017e d\u00e1vno neobmedzuje len na klasick\u00e9 SMS. \u00dato\u010dn\u00edci \u010doraz viac vyu\u017e\u00edvaj\u00fa iMessage (Apple) a RCS (Android). Tieto spr\u00e1vy id\u00fa cez d\u00e1ta, nie cez klasick\u00fa telekomunika\u010dn\u00fa sie\u0165, tak\u017ee \u00fato\u010dn\u00edci ich m\u00f4\u017eu posiela\u0165 zadarmo a obch\u00e1dzaj\u00fa tradi\u010dn\u00e9 filtre oper\u00e1torov.<\/p>\n

Phishing ako slu\u017eba: \u00fatok bez technick\u00fdch znalost\u00ed<\/p>\n

Dnes u\u017e \u00fato\u010dn\u00edk nemus\u00ed by\u0165 technick\u00fd expert. Na darknete<\/a> si m\u00f4\u017ee k\u00fapi\u0165 hotov\u00e9 bal\u00edky, ktor\u00e9 obsahuj\u00fa \u0161abl\u00f3ny spr\u00e1v, podvodn\u00e9 prihlasovacie str\u00e1nky aj administra\u010dn\u00fd panel na sledovanie obet\u00ed. Niektor\u00e9 slu\u017eby dokonca umo\u017e\u0148uj\u00fa nastavi\u0165 spoofing odosielate\u013ea jedn\u00fdm kliknut\u00edm. Smishing sa tak men\u00ed na \u201eslu\u017ebu\u201c, ktor\u00fa si m\u00f4\u017ee prenaja\u0165 prakticky ktoko\u013evek.<\/p>\n

Real-time \u00fatok na SMS 2FA: ako funguje zachytenie k\u00f3du<\/p>\n

Z poh\u013eadu organiz\u00e1ci\u00ed predstavuje smishing ve\u013ek\u00e9 riziko najm\u00e4 tam, kde sa pou\u017e\u00edva SMS<\/a> na dvojfaktorov\u00e9 overovanie. \u00dato\u010dn\u00edci dnes vyu\u017e\u00edvaj\u00fa takzvan\u00e9 adversary-in-the-middle proxy. Funguje to tak, \u017ee podvodn\u00e1 str\u00e1nka v skuto\u010dnosti funguje ako sprostredkovate\u013e medzi obe\u0165ou a re\u00e1lnou slu\u017ebou. Ke\u010f obe\u0165 zad\u00e1 prihlasovacie \u00fadaje, proxy ich okam\u017eite prepo\u0161le legit\u00edmnej slu\u017ebe. T\u00e1 n\u00e1sledne po\u0161le SMS k\u00f3d na overenie. Obe\u0165 dostane re\u00e1lny k\u00f3d a zad\u00e1 ho na podvodnej str\u00e1nke, ktor\u00e1 ho v re\u00e1lnom \u010dase prepo\u0161le \u010falej. \u00dato\u010dn\u00edk tak dokon\u010d\u00ed prihl\u00e1senie e\u0161te po\u010das platnosti k\u00f3du.<\/p>\n

Monetiz\u00e1cia: \u010do nasleduje po \u00faspe\u0161nom pr\u00edstupe<\/p>\n

Po z\u00edskan\u00ed pr\u00edstupu \u00fato\u010dn\u00edci zvy\u010dajne konaj\u00fa r\u00fdchlo. M\u00f4\u017eu previes\u0165 peniaze, zmeni\u0165 kontaktn\u00e9 \u00fadaje v \u00fa\u010dte, prida\u0165 nov\u00e9ho pr\u00edjemcu alebo resetova\u0165 \u010fal\u0161ie slu\u017eby. V pr\u00edpade firemn\u00fdch \u00fa\u010dtov m\u00f4\u017ee d\u00f4js\u0165 k finan\u010dn\u00fdm podvodom alebo k \u010fal\u0161iemu \u0161\u00edreniu \u00fatoku v r\u00e1mci organiz\u00e1cie. Niekedy sa z\u00edskan\u00e9 pr\u00edstupy pred\u00e1vaj\u00fa na podzemn\u00fdch f\u00f3rach \u010fal\u0161\u00edm zlo\u010dincom, ktor\u00ed ich zneu\u017eij\u00fa nesk\u00f4r.<\/p>\n

Takto sa m\u00f4\u017ee\u0161 br\u00e1ni\u0165<\/p>\n

Ak si u\u017e klikol na odkaz<\/a> alebo zadal \u00fadaje, je potrebn\u00e9 kona\u0165 okam\u017eite. Najprv zme\u0148 v\u0161etky hesl\u00e1, kde pou\u017e\u00edva\u0161 rovnak\u00e9 alebo podobn\u00e9 kombin\u00e1cie. Potom prepnite overovanie z SMS k\u00f3dov na aplik\u00e1cie typu Google Authenticator \u010di Microsoft Authenticator, ktor\u00e9 s\u00fa vo\u010di tak\u00fdmto \u00fatokom odolnej\u0161ie.<\/p>\n

\"kliknutie\"kliknutie
Zdroj: Gerd Altmann a Pete Linforth z Pixabay, Vosveteit.sk (kol\u00e1\u017e)<\/a><\/p>\n

Nakoniec kontaktuj banku, aj prevent\u00edvne, aby mohla sledova\u0165 podozriv\u00e9 transakcie a pr\u00edpadne zablokova\u0165 kartu. Tieto jednoduch\u00e9 kroky v\u00fdrazne zni\u017euj\u00fa riziko, \u017ee podvod ohroz\u00ed tvoje financie.<\/p>\n

\"Ako\"AkoZdroj: iVerify<\/a><\/p>\n

Cel\u00fd proces smishingu je kombin\u00e1ciou d\u00e1tov\u00fdch \u00fanikov, technickej infra\u0161trukt\u00fary a psychol\u00f3gie. \u00dato\u010dn\u00edci vyu\u017e\u00edvaj\u00fa presved\u010div\u00fd obsah, modern\u00e9 komunika\u010dn\u00e9 slu\u017eby a real-time zachyt\u00e1vanie prihlasovac\u00edch \u00fadajov, aby maximalizovali \u0161ancu na \u00faspech. Preto dnes nesta\u010d\u00ed spolieha\u0165 sa len na technick\u00e9 filtre. Pozornos\u0165 pou\u017e\u00edvate\u013ea a spr\u00e1vne nastaven\u00e9 bezpe\u010dnostn\u00e9 mechanizmy s\u00fa k\u013e\u00fa\u010dov\u00e9.<\/p>\n


\n
\n
\n
\n
\n
\n P\u00e1\u010dil sa v\u00e1m \u010dl\u00e1nok? Sledujte n\u00e1s na Facebooku
\n
\n <\/a> <\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"Smishing, alebo SMS phishing, je podvod, ktor\u00fd \u00fato\u010dn\u00edci pou\u017e\u00edvaj\u00fa na oklamanie \u013eud\u00ed, aby prezradili citliv\u00e9 \u00fadaje alebo nain\u0161talovali…\n","protected":false},"author":2,"featured_media":8402,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[3423,64,65,66,4722,4723,4724,228,4065,229,43,40,39,42,41,4725,4726,710],"class_list":{"0":"post-8401","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ekonomika","8":"tag-banka","9":"tag-business","10":"tag-economic","11":"tag-ekonomika","12":"tag-falosny-kurier","13":"tag-falosny-pracovnik","14":"tag-hackeri","15":"tag-peniaze","16":"tag-podvod","17":"tag-problem","18":"tag-sk","19":"tag-slovak","20":"tag-slovakia","21":"tag-slovencina","22":"tag-slovensko","23":"tag-smishing","24":"tag-sms","25":"tag-utok"},"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/posts\/8401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/comments?post=8401"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/posts\/8401\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/media\/8402"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/media?parent=8401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/categories?post=8401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/sk\/wp-json\/wp\/v2\/tags?post=8401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}